CVE-2021-0189

Vulnerability

An out-of-range pointer offset vulnerability exists in the BIOS firmware for some Intel(R) processors [1]. Affected products include various Intel processor families; the advisory details specific models [1]. A privileged user can exploit this flaw to escalate privileges further, potentially gaining higher access levels within the system.

Exploitation

The attacker must have local access and elevated privileges (e.g., ring 0 or SMM) to trigger the out-of-range pointer offset [1]. The exact exploitation steps are not publicly detailed, but the vulnerability resides in the BIOS code and requires a controlled memory corruption via offset manipulation [1].

Impact

Successful exploitation allows a privileged user to escalate their privilege level, potentially gaining full control over the platform (e.g., system management mode (SMM) or higher privilege rings) [1]. This can lead to bypassing security mechanisms or accessing protected data.

Mitigation

Intel released firmware updates to address CVE-2021-0189. Users should update their system BIOS/UEFI firmware to the latest version provided by the system manufacturer. No workaround is available if the system cannot be updated. This CVE is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1].